AWS IoT Device Defender supports monitoring behavior of unregistered devices

Posted on: May 15, 2019

AWS IoT Device Defender is a fully managed service that helps you secure your fleet of IoT devices. AWS IoT Device Defender continuously monitors security metrics gathered from devices, the cloud, and AWS IoT Core for deviations from what you have defined as appropriate behavior for each device. If something doesn’t look right, AWS IoT Device Defender sends out an alert so you can take action to remediate the issue.

Now, AWS IoT Device Defender also supports the identification of unusual behavior for devices that are not registered with the AWS IoT Core registry. To use this new feature, you first attach a security profile targeted at unregistered devices. AWS IoT Device Defender can then detect anomalies in cloud metrics for unregistered devices, such as the number of authorization failures, connection attempts, disconnects, message size, number of messages sent or messages received, and source IP. Customers can now also monitor device-side metrics for unregistered devices, like bytes in/out, packets in/out, number of listening TCP/UDP ports, and destination IPs the device is connecting to.

For more information on how to get started, refer to the AWS IoT Device Defender Developer Guide.